On 21/11/2019 06:05, Jürgen Groß wrote: > Where do we stand with Xen 4.13 regarding blockers and related patches? > > 1. OSStest failure regarding nested test: > I'm not quite sure whether the currently debated patch of Andrew is > fixing the problem. If not, do we know what is missing or how to > address the issue? If yes, could we please come to an agreement? > As an alternative: any thoughts about ignoring this test failure for > 4.13-RC3 (IOW: doing a force push)?
Bare in mind that the answer to this question isn't for 4.13. It is for XSA-304 in general, across all the security supported trees. Nested virt is experimental, with no support or security support, has known/suspected privilege escalation holes to L0 in, and is unusable broken outside of the corner case that OSS tests (where Xen and its nested self make identical decisions given similar inputs). The only leg OSSTest has to stand on here is "we shouldn't regress functionality" which is fair enough in principle, but not in line with the level of support we offer on experimental features. That said, I as well as plenty of others do use nested virt even if only for development purposes, and I'd prefer not to see it regressed. After several days of working on the issue, the patch I posed is for one definite bug in nested pagewalking, and as far as I'm concerned, it stands on its own merit. It doesn't fix the regression, and I can't find a feasible way of doing so in a manner which would be appropriate to re-issue in XSA-304. nestedhap_walk_L0_p2m() in its current form is simply not fit for purpose. Upon writing this, one other alternative has presented itself. Don't use NX superpages for guests with nested virt enabled. The L1 hypervisor is already capable of doing worse than DoS'ing the host, so the overall security is not reduced by this approach. > 3. Pending patches for 4.13: > Could I please have feedback which patches tagged as "for-4.13" are > fixing real regressions or issues? I don't want to take any patches > not fixing real problems after RC3, and I hope to be able to get a > push rather sooner than later to be able to let Ian cut RC3. Of ones not already identified in various threads, "x86/livepatch: Prevent patching with active waitqueues". This is a fully reviewed bugfix waiting for a release ack. Patches 1 and 2 in the series are independent, and 2 is the important one. "xen: Drop bogus BOOLEAN definitions, TRUE and FALSE". I need to check where the next actions lie here. "xen/vcpu: Sanitise VCPUOP_initialise call hierachy". This is XSA-296 followup and RFC for-4.13 with no comments for/against. This has also stalled with no acks, no concrete suggestion for changes or ways forward. > > 4. Are there any blockers for 4.13 other than 1. and 2. (apart of any > pending XSAs)? I still need to refresh the shim config, to at least disable tracebuffer functionality as it is now selectable and not usable. I think there is a lurking makefile race condition. Also some docs patches (licensing in particular) but that can wait until other fixes are sorted. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
